File fix_uninitialized_value.patch of Package sblim-sfcb.4310

Date: Tue Dec 13 17:51:55 CET 2016
Author: Marcus Meissner
Bug: 1015155
Summary: Fix uninitialized value reported by valgrind

*-* sfcXmlerror: syntax error, unexpected $end, expecting XTOK_XML
==1715== Conditional jump or move depends on uninitialised value(s)
==1715==    at 0x588CD82: handleCimRequest (cimRequest.c:1883)
==1715==    by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Conditional jump or move depends on uninitialised value(s)
==1715==    at 0x4E3A0CF: writeResponse (httpAdapter.c:635)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Use of uninitialised value of size 8
==1715==    at 0x4C2C6C2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1715==    by 0x4E3A0B4: writeResponse (httpAdapter.c:643)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Invalid read of size 1
==1715==    at 0x4C2C6C2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1715==    by 0x4E3A0B4: writeResponse (httpAdapter.c:643)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==  Address 0xbbf0bda8 is not stack'd, malloc'd or (recently) free'd
==1715==
==1715==

And tons of others!!! Thank you valgrind.






Index: sblim-sfcb-1.4.8/providerMgr.c
===================================================================
--- sblim-sfcb-1.4.8.orig/providerMgr.c
+++ sblim-sfcb-1.4.8/providerMgr.c
@@ -1329,7 +1329,7 @@ intInvokeProvider(BinRequestContext * ct
           object[i].length);
   }
 
-  buf = malloc(l + 8);
+  buf = calloc(1, l + 8);
 
   if (ctx->noResp & 1) {
     hdr->options |= BRH_NoResp;
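Review bot: The switch to `calloc` for `buf` has no comment saying why the buffer must be zero-filled, so a later cleanup could quietly turn it back into `malloc`. The size is `l + 8` and the loop above sums per-segment lengths, so presumably some bytes of `buf` are never written before the buffer is handed on. If it is sent to a provider process, those bytes would otherwise carry stale heap contents. I would add something like `/* zero-filled: bytes not covered by the header or a segment must not carry old heap data */` above the call, adjusted to what the rest of intInvokeProvider does, which lies outside the hunk.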
Index: sblim-sfcb-1.4.8/providerDrv.c
===================================================================
--- sblim-sfcb-1.4.8.orig/providerDrv.c
+++ sblim-sfcb-1.4.8/providerDrv.c
@@ -1177,7 +1177,7 @@ makeSafeResponse(BinResponseHdr* hdr, Bi
     len += (hdr->object[i].type == MSG_SEG_CHARS ? PADDED_LEN(hdr->object[i].length) : hdr->object[i].length);
   }
 
-  outHdr = malloc(len +rvl + 8);
+  outHdr = calloc(1, len +rvl + 8);
   memcpy(outHdr, hdr, size);
 
   if (rvl) {
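Review bot: The `calloc` result is passed straight to `memcpy(outHdr, hdr, size)` on the next line, so an allocation failure becomes a NULL-pointer write in makeSafeResponse. An `if (outHdr == NULL)` guard belongs between the two lines, with a failure path following the function's own convention, which is not visible here. The same pattern shows in the cimXmlParser.c hunk, where `xb` and the `strdup(s)` result are dereferenced immediately in newXmlBuffer, and in the objectImpl.c hunk, where `buf->bMax` is assigned right after the allocation. The allocations in the providerMgr.c and result.c hunks are also unchecked within the lines shown. The function body continues outside the hunk.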
Index: sblim-sfcb-1.4.8/result.c
===================================================================
--- sblim-sfcb-1.4.8.orig/result.c
+++ sblim-sfcb-1.4.8/result.c
@@ -91,7 +91,7 @@ prepResultBuffer(NativeResult * nr, unsi
     nr->dMax *= 2;
 
   nr->dNext = 0;
-  nr->data = malloc(nr->dMax);
+  nr->data = calloc(1, nr->dMax);
 
   nr->sMax = nr->dMax / 400;
   nr->sNext = 0;
Index: sblim-sfcb-1.4.8/cimXmlParser.c
===================================================================
--- sblim-sfcb-1.4.8.orig/cimXmlParser.c
+++ sblim-sfcb-1.4.8/cimXmlParser.c
@@ -54,7 +54,7 @@ Throw(XmlBuffer __attribute__ ((unused))
 static XmlBuffer *
 newXmlBuffer(char *s)
 {
-  XmlBuffer      *xb = malloc(sizeof(*xb));
+  XmlBuffer      *xb = calloc(1, sizeof(*xb));
   xb->base = xb->cur = (char *) strdup(s);
   xb->last = xb->cur + strlen(xb->cur);
   xb->nulledChar = 0;
@@ -1714,6 +1714,8 @@ scanCimXmlRequest(CimRequestContext *ctx
   ParserControl   control;
   *rc=0;
 
+  memset(&control, 0, sizeof(control));
+
   XmlBuffer      *xmb = newXmlBuffer(xmlData);
   control.xmb = xmb;
   control.reqHdr.buffer = xmb;
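Review bot: The added `memset(&control, 0, sizeof(control));` has no comment saying which reads it protects, and that is not obvious from the surrounding code. Going by the valgrind traces in the patch description, a request that fails to parse appears to leave fields of `control` unset, and handleCimRequest later branches on them. A line such as `/* parser may bail out early on malformed XML; callers read fields it never set */` above the memset would keep it from being removed as redundant. The body of scanCimXmlRequest continues outside the hunk.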
Index: sblim-sfcb-1.4.8/objectImpl.c
===================================================================
--- sblim-sfcb-1.4.8.orig/objectImpl.c
+++ sblim-sfcb-1.4.8/objectImpl.c
@@ -225,12 +225,12 @@ addClStringN(ClObjectHdr * hdr, const ch
     for (; nmax <= l; nmax *= 2);
     buf =
         setStrBufPtr(hdr,
-                     malloc(((nmax - 1) * sizeof(char)) +
-                            sizeof(ClStrBuf)));
+                     calloc(1, ((nmax - 1) * sizeof(char)) +
+                               sizeof(ClStrBuf)));
     buf->bMax = nmax;
     buf->bUsed = buf->iUsed = 0;
     buf->iMax = 16;
-    setStrIndexPtr(buf, malloc(sizeof(*buf->indexPtr) * 16));
+    setStrIndexPtr(buf, calloc(1, sizeof(*buf->indexPtr) * 16));
     hdr->flags |= HDR_Rebuild;
   }
 
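Review bot: Both new `calloc` calls pass a count of 1 with a pre-multiplied size, which gives up calloc's own overflow check on count times size. For the index array the count is already at hand: `setStrIndexPtr(buf, calloc(buf->iMax, sizeof(*buf->indexPtr)));` also removes the second literal 16. For the string buffer, `nmax` comes from the doubling loop on the first line of the hunk and is bounded only by `l`, so a range check on `l` before that loop would be worth considering. The declaration of `nmax` and the start of addClStringN are outside the hunk, so their types are not visible here.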
Index: sblim-sfcb-1.4.8/args.c
===================================================================
--- sblim-sfcb-1.4.8.orig/args.c
+++ sblim-sfcb-1.4.8/args.c
@@ -207,6 +207,7 @@ __new_empty_args(int mm_add, CMPIStatus
                  *tArgs;
   int             state;
 
+  memset(&args, 0, sizeof(args));
   args.args = a;
   tArgs = memAddEncObj(mm_add, &args, sizeof(args), &state);
   tArgs->mem_state = state;
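Review bot: The new `memset(&args, 0, sizeof(args));` lacks a comment recording why the whole struct, padding included, is cleared instead of only the members being set. `memAddEncObj(mm_add, &args, sizeof(args), &state)` receives the struct's address and size, so it presumably copies the object as raw bytes. A comment like `/* clear padding too: the struct is copied byte-wise below */` would record that. Separately, `tArgs` is dereferenced on the following line with no NULL check; whether memAddEncObj can return NULL is not visible in this hunk.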